I've had a couple users get prompted for Jamf wants to use the "JAMF" keychain. Please enter the keychain password. At first i thought it was the CasperSuite deployment, but it's happening on a system that didn't get it installed. the only thing I can think of is the JSS update from 8.5x to 8.6...
Question
Jamf wants to access keychain after upgrading to 8.6
+23
+35Same here.
Upgraded from 8.52. Thought it was just me.
+27This is related to the JAMF keychain being unlocked too long from what I'm told.
#!/bin/sh
# This will unlock the JAMF keychain temporarily
jamf log
# This will disable the autolocking feature of the JAMF Keychain
security set-keychain-settings '/Library/Application Support/JAMF/JAMF.keychain'
exit 0If you run this all should be well. Defect D-003066
+35Thanks Jason, seemingly working well :)
we were also seeing 401 errors when clients were running policies as a result of this.
There was an error. Could not connect to the JSS. Status - 401 Unmounting file server...
+27Ben, I'm guessing the 401 error is still related to the keychain since you are like me and running a Recon after your policy.
+6I saw this for the first time this morning. I have had 8.6 installed since the day it came out, but this is the first time I have seen it. I did upgrade to Mountain Lion last night though.
+19does the script only need to be executed once per client, or does this need to be run periodically?
+3When you run recon, does it take longer than a few mins? If so, yes, using the script above seems to fix it.
+20Any update on this we are seeing this too. If it all ready has a defect number then I guess they are working on it. Its interesting we are only seeing this on some of the machines not all of them.
+27The script above only needs to be run once per client. The other alternative is to dial back the amount of data you collect until JAMF releases a patch. I've also noticed the binary works better when you turn off application usage monitoring.
+20Thanks for the Reply Jh
I noticed that the jamf log seems to unlock the keychain for 5 min. Then the 2nd command turns off the auto lock feature.
Like you said the recon or the enroll takes some time to run. Some times over 5 min. So the data collection dial back seems like a good idea.
Thats fine, but I noticed on 8.52 and 8.4 machines the keychain is locked???
I have also noticed that this affects about half of our users on 8.6 so I am not sure why the others are just fine.
The question is would we then have to send another script out to set it to auto lock after the fix comes out?
+20Got the word that when updated to 8.61 it will fix the issue. Another script to relock the keychain will not be needed.
+9The release notes say: [D-003066] Fixed an issue that caused users to be prompted for the JAMF keychain password when inventory submission takes longer than 5 minutes.
+16I had been getting this prompt for JAMF wanting the keychain, but now, with 8.62 release, I'm getting that prompt for various applications from Safari to Lync.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.